JP2020162051A - Information processing device, communication control method and program - Google Patents

Abstract

To solve the problem that a communication terminal holding a plurality of network interfaces sometimes transmits, from a default gateway, a response to a request received through a gateway different from the default gateway.SOLUTION: An information processing device having a plurality of network interfaces respectively connected to a plurality of different networks receives a request from one of the plurality of networks through a network interface connected to the respective networks, generates a response to a transmission source of the received request with a transmission destination of the request set in the transmission source by setting the transmission source of the request in the transmission destination, discards the response in the case that the network interface which has received the request is different from a network interface determined to be used to communicate with the transmission destination included in the response, and transmits the response from the network interface determined to be used to communicate with the transmission destination included in the response in the case of being the same.SELECTED DRAWING: Figure 3

Description

The present invention relates to, for example, an information processing device connected to a plurality of networks, and particularly to communication from the information processing device.

In an office environment that uses devices connected to the network, a gateway is prepared in the office, and IP addresses of different subnet environments are assigned to each network connection port of the device in order to build multiple subnet environments according to business purposes. Such cases generally exist.

Here, consider a case where a communication terminal holds a plurality of network interfaces as the above device and operates on each subnet environment. A gateway such as a router is prepared in each subnet environment, and the communication terminal communicates via each gateway depending on the situation (see, for example, Patent Document 1). There may be cases where terminals on different subnets make requests to communication terminals via gateways provided in each subnet. In this case, when the communication terminal receives the request, it analyzes the content of the request, creates response data, and tries to send it to the requesting terminal. At that time, which of the plurality of interfaces of the communication terminal to send the response data is generally determined by the network routing process. In general routing processing, in response to a request from a terminal on the subnet to which the communication terminal is connected, which interface the response should be sent to can be determined from the route table of the communication terminal. On the other hand, in response to a request received from another network via a gateway existing on the same subnet as the communication terminal, the communication terminal sends a response to a preset default gateway. That is, one of the gateways connected to each of the plurality of network interfaces is set in advance as the default gateway. When the communication terminal sends a response through the default gateway, the response is sent from a network interface belonging to the same subnet as the default gateway.

However, even if there are gateways on each subnet, only one of them can be set as the default gateway. Therefore, even for a request from a terminal via a gateway different from the default gateway, the communication terminal sends the response to the default gateway. As a result, the response may not reach the subnet to which the terminal that sent the request is connected. In such a case, generally, by setting static routing, it is possible to instruct the destination terminal holding a specific address to perform routing processing so as to transmit to a specific gateway.

Japanese Unexamined Patent Publication No. 2001-358762

By the way, it is difficult for a user to specify a condition by using static routing in a terminal or the like that does not have a user interface that can set static routing. In addition, even if it can be set, it is often difficult to define all the conditions without omission using static routing, such as when you do not have detailed knowledge of network technology and environment, or when there are many terminals to be set. .. In such a case, the setting is difficult, and a setting error or omission may occur. As a result, data may be transmitted via a communication path not intended by the user. As a result of making a mistake in the static routing setting, the communication terminal sends the response data to the default gateway belonging to a subnet different from the subnet to which the interface that received the request corresponding to the response belongs. In today's office environment, security is important, and sending a response to a request received on a specific interface to another interface can lead to information leakage, which is a problem.

For example, in order to protect personal information, a network system in which a subnet is constructed so that personal information is handled only within a specific subnet is common in public institutions. In such a network system, sending personal information to different subnets becomes a big problem.

Also, in companies that place importance on security these days, communication packet monitoring devices are placed in each subnet, and when the monitoring device detects an invalid packet, the sender's communication terminal is picked up as a malicious terminal, and the picked up terminal is used as a subnet. There is also a system that automatically disconnects from. In such a system, if a communication terminal sends a response to a request received by a specific interface to another interface, the communication terminal may be disconnected from the network on which the response is sent. obtain.

The present invention has been made in view of at least one of the above problems, and an object of the present invention is to provide a mechanism for transmitting a response to a received request to an appropriate network in an information processing device connected to a plurality of networks. Let it be one of. Another aspect of the present invention is to provide a mechanism for controlling a response to a request received via a predetermined interface so as not to respond via an interface different from the predetermined interface. ..

In order to achieve the above object, the present invention has the following configuration.

That is, according to one aspect of the present invention, a plurality of network interfaces connected to a plurality of different networks, respectively.
A receiving means for receiving a request from any of the plurality of networks via a network interface connected to each network.
A generation means for generating a response to the source of the received request, in which the source of the request is set as the destination and the destination of the request is set as the source.
If the network interface that received the request is different from the network interface determined to be used for communication with the destination included in the response, the response is discarded, and if they are the same, the response is included in the response. An information processing apparatus is provided that includes a control means for transmitting the response from the network interface determined to be used for communication with the destination.

According to one aspect of the present invention, in an information processing apparatus connected to a plurality of networks, a response to a received request can be transmitted to an appropriate network. Further, according to another aspect of the present invention, the response to the request received via the predetermined interface is controlled so as not to respond via the interface different from the predetermined interface. As a result, security can be improved.

Diagram showing network configuration The figure which shows the hardware structure of the image forming apparatus 101. The figure which shows the software structure of the image forming apparatus 101. The figure which shows the example of the network packet which the image forming apparatus 101 receives and responds to a request. The figure which shows the example of the route list of the network routing of the image forming apparatus 101. Processing flow diagram performed when the image forming apparatus 101 receives a request An example of a user interface that displays packets discarded by the image forming apparatus 101 A processing flow diagram different from FIG. 6 performed when the image forming apparatus 101 receives the request. A processing flow diagram different from those in FIGS. 6 and 8 performed when the image forming apparatus 101 receives the request.

Hereinafter, embodiments will be described in detail with reference to the accompanying drawings. The following embodiments do not limit the invention according to the claims. Although a plurality of features are described in the embodiment, not all of the plurality of features are essential for the invention, and the plurality of features may be arbitrarily combined. Further, in the attached drawings, the same or similar configurations are designated by the same reference numbers, and duplicate description is omitted.

(First Embodiment)
FIG. 1 is an overall view of a network including an image forming apparatus 101. The image forming apparatus 101 is connected to a plurality of networks 102 and 103. On the network 102 side, the terminal 105 such as a PC and the image forming apparatus 101, which is an example of the information processing apparatus, have a network configuration that can be connected via the network 102 and the gateway 104. Further, the terminal 107 such as a PC and the image forming apparatus 101 have a network configuration that can be connected via the network 103 and the gateway 106. Such a network configuration example is generally possible, for example, in a medium-sized or larger office environment, when a plurality of different subnet environments are constructed according to business purposes. The network of the present embodiment is not particularly limited in physical configuration, but is based on an IP network, and the packet described below refers to an IP packet.

● Hardware of the image forming apparatus FIG. 2 is a block diagram showing a hardware configuration of the image forming apparatus 101. The printer 101 is connected to networks 102 and 103, respectively, via NIC (network interface card) 206 and NIC 208. The NIC is also called a network interface. The CPU 201 (Central Processing Unit) executes the software program of the image forming apparatus 101 and controls the entire apparatus. The RAM 202 is a random access memory, and is used for temporarily storing data, processing various tasks after the firmware of the device is started, and the like when the CPU 201 controls the device. A program executed by the CPU 201 for realizing the procedure shown in FIGS. 6, 8 and 9 described later may also be stored in the RAM 202. The HDD 203 is a storage, and is used for storing various setting values of the image forming apparatus 101 and for spooling print data. The operation unit 204 includes a liquid crystal panel, displays various operation screens, and transmits instructions input via the operation screens to the CPU 201. The print engine 205 prints an image based on the image data on the recording medium. At the time of printing, the print engine 205 performs image processing such as color conversion, filter processing, and resolution conversion on the print data.

The NIC 206 is connected to the network 102, the NIC 208 is connected to the network 103, and controls data communication with external devices (terminals 105 and 107) on the respective networks. In this embodiment, the interface configuration is composed of two NICs, but interfaces with three or more NICs may be used. Further, each of NIC 206 and 208 may be a wired network or a wireless network, and for example, NIC 206 may be a wired network interface and NIC 208 may be a wireless network interface. The power supply control 207 is a power supply device for the printer 101. It controls the power ON / OFF and energization during Sleep.

● Software of the image forming apparatus FIG. 3 is a diagram showing a configuration of software controlled by the CPU 201 in the image forming apparatus 101. FIG. 3 shows a configuration for communication control, and other configurations such as applications are omitted. The user interface control unit 301 controls the operation unit 204 to display a message or accept an input by a user from the outside. The packet analysis / generation unit 302 receives the request packet from the terminal 105, analyzes the content of the request packet, and generates a response packet corresponding to the request packet. The packet analysis / generation unit 302 also includes the role of a commonly-called TCP / IP protocol (transmission control protocol / Internet protocol) stack.

The network routing unit 303 controls the route as to which of the NICs 206 and 208 the network packet transmitted from the image forming apparatus 101 reaches the gateways 104 and 106 and the external terminals 105 and 107. In routing, the network routing unit 303 uses a route table that holds a route list for network communication. By using this route table, the network routing unit 303 sends a network packet to the driver 305 for NIC 206 when transmitting a response packet from NIC 206 to network 102. Further, by using this route table, the network routing unit 303 sends a network packet to the driver 306 for NIC208 when transmitting a response packet from NIC 208 to network 103.

The packet detection unit 304 checks the response packet corresponding to the received request packet, and determines whether or not the network interface for transmitting the response packet determined by the processing of the network routing unit 303 is correct. The packet detection unit 304 monitors all the packets transmitted by the network routing unit 303 from any of the network interfaces of NIC 206 and NIC 208, and determines whether or not the network interface is correct.

The NIC 206 driver 305 and the NIC 208 driver 306 are driver software that controls the NICs 206 and 208, respectively, and control individual NICs for transmission / reception processing with the networks 102 and 103, respectively.

● Packet configuration example FIG. 4 is a configuration example of a format communication packet showing the address information of the destination (destination) and the source included in the header of the request packet or the response packet. The physical address information 401 is a field indicating the physical address information of each of the source terminal and the destination terminal, and includes a destination MAC (medium access control) address 402 and a source MAC address 403.

For example, when a request packet is transmitted from the terminal 105 to the image forming apparatus 101, the destination MAC address 402 of the packet generated by the terminal 105 is the MAC address of the network interface belonging to the same network as the terminal 105 among the network interfaces of the gateway 104. Become. Further, the source MAC address 403 is a MAC address held by the terminal 105. In this way, the source MAC address records the MAC address of the network interface that is the source in one network, and the destination MAC address records the MAC address of the network interface that is the destination in the network. Will be done. These addresses are rewritten to MAC addresses for each network each time they are transferred to different networks via a router or the like.

On the other hand, when the response packet corresponding to the request packet is transmitted from the image forming apparatus 101 to the terminal 105, the destination MAC address 402 of the packet generated by the image forming apparatus 101 belongs to the network 102 among the network interfaces of the gateway 104. It is the MAC address of the network interface. The source MAC address 403 is the MAC address assigned to NIC 208.

The IP header information 404 is a field indicating the IP addresses of the source and the destination, and includes the destination (destination) IP address 405 and the source IP address 406. When the request packet is transmitted from the terminal 105 to the image forming apparatus 101, the destination IP address 405 of the packet generated by the terminal 105 is the IP address assigned to the network interface on the NIC208 side of the image forming apparatus 101. The source IP address 406 is the IP address assigned to the terminal 105.

On the other hand, when the response packet corresponding to the request packet is transmitted from the image forming apparatus 101 to the terminal 105, the destination IP address 402 of the packet generated by the image forming apparatus 101 becomes the IP address assigned to the terminal 105. Further, the source IP address 403 is an IP address assigned to the network interface on the NIC208 side.

The data unit 407 includes a data unit that follows the protocol of the upper layer of the IP. For example, types such as request packets and response packets and various data corresponding to them are included. For example, when the upper layer is HTTP, the data unit 407 includes a port number indicating that it is HTTP, a Web information browsing request and its response, a print request such as LPD, and print data.

● Route table FIG. 5 is an example of a route table that holds a route list used by the network routing unit 303 to control routes. For example, the route information 501 indicates a communication route to the network 102 side. From the beginning, "192.168.11.0/24" indicates the network address and subnet mask of the network 102. “Eth1” indicates a network interface connected to the network whose address is “192.168.11.02 / 24”, that is, a network interface name on the NIC206 side. “Src 192.168.11.17” indicates the IP address of the network interface whose name is “eth1”, that is, the network interface on the NIC206 side. As a result, the network routing unit 303 can determine that the packet to be transmitted to the terminal in the network 102 is sent to the NIC 206 side.

Further, the route information 502 indicates a communication route to the network 103 side. Similar to the route information 501, "172.29.56.0.22" indicates the network address and subnet mask of the network 103. “Eth0” indicates a network interface connected to the network whose address is “172.29.56.0.22”, that is, a network interface name on the NIC208 side. "Src 172.29.59.153" indicates the IP address of the network interface whose name is "eth0", that is, the network interface on the NIC208 side. As a result, the network routing unit 303 can determine that the packet to be transmitted to the terminal in the network 103 is sent to the NIC 208 side.

The route information 503 indicates a route when the image forming apparatus 101 sets a default gateway. For example, when the default gateway is the gateway 106, "172.29.59.254" indicates the IP address of the gateway 106. According to the route setting of the route information 503, the default gateway is the gateway 106, and the network routing unit 303 determines to send data to the NIC 208 side having the same network 103 as the default gateway for transmission to the default gateway. Is possible. The network identity can be determined by masking the IP address with a subnet mask.

Generally, the default gateway is required to communicate with the terminal 107 on a network different from the networks 102 and 103 to which the image forming apparatus 101 is directly connected, which is set in the route information 501 and the route information 502. is there. In order to communicate with the terminal 107, the network routing unit 303 performs a process of determining a route from the IP address of the terminal 107. In the case where the image forming apparatus 101 holds a plurality of network interfaces, if the IP address of the terminal 107 does not match any of the subnet addresses of the networks 102 and 103, it is unclear from which interface the network routing unit 303 communicates. Become. At this time, the network routing unit 303 communicates with the gateway 106, which is the default gateway.

Here, consider the case where the terminal 105 sends the request packet to the image forming apparatus 101. Since the terminal 105 is also connected to a network different from the networks 102 and 103 like the terminal 107, the network routing unit 303 decides to send the response data to the gateway 106 which is the default gateway. As a result, the response packet corresponding to the request packet sent by the terminal 105 to the image forming apparatus 101 via the gateway 104 is transmitted to the network 103. This may lead to security problems such as information leakage. In order to prevent such a situation, the image forming apparatus 101 of the present embodiment executes the process described below.

● Filtering processing of response packets Fig. 6 shows a processing flow that prevents response packets from being transmitted from an inappropriate network interface in order to prevent the possibility of developing security problems such as information leakage. It is a figure. The procedure of FIG. 6 can be realized, for example, by the CPU 201 executing the program. That is, FIG. 6 shows the processing procedure of the program.

When the image forming apparatus 101 receives the request packet from the terminal 105 in S601, either the packet analysis / generation unit 302 or the packet detection unit 304 in S602 is a network address included in the destination IP address 405 of the packet. Determines which network address of the network 102 or 103 is matched. As a result, it is specified from which interface of NIC 206 or 208 the request packet is received, and information indicating the specified network interface (referred to as interface information) is retained. The interface information may be, for example, a network address included in the destination IP address 405 of the received request packet. Alternatively, it may be the interface name, IP address, MAC address, or the like of the corresponding image forming apparatus 101.

If the packet analysis / generation unit 302 holds the interface information that identifies the network interface on the side that received the request packet, the packet analysis / generation unit 302 transmits the interface information indicating the specified network interface to the packet detection unit 304. Notice. The notification is performed by any method such as message notification, writing to a shared resource such as a file, or referencing.

In S603, the packet analysis / generation unit 302 generates a response packet that is the response data for the request packet. At this time, the packet analysis / generation unit 302 sets the IP address set in the source IP address 406 of the request packet to the destination IP address 405 of the response packet. Further, the packet analysis / generation unit 302 sets the IP address set in the destination IP address 405 of the request packet to the source IP address 406 of the response packet. That is, a response packet is generated by exchanging the source IP address and the destination IP address of the request packet. After that, the packet analysis / generation unit 302 sends the generated response packet to the network routing unit 303.

The network routing unit 303 determines the network interface for transmitting the response packet based on the destination IP address 405 of the response packet and the route table. For example, the case where the destination IP address 405 of the response packet for the packet received via NIC208 is "172.25.1.1.100" will be described as an example. In this case, the conditions of 501 and 502 shown in FIG. 5 do not match. In this case, the network routing unit 303 determines to send the response packet to the NIC 206 in order to transmit it to the gateway 106 which is the default gateway. The network routing unit 303 attempts to transmit a response packet to the determined NIC 206. In this way, the interface used by the device to receive the packet and the interface determined as the destination do not always match.

In S604, the packet detection unit 304 checks whether the response packet sent by the network routing unit 303 to the NIC 206 is sent to the correct interface. Therefore, the interface information specified by the packet analysis / generation unit 302 in S602 and passed to the packet detection unit 304 is referred to. Then, it is determined whether the network interface that is the source of the response packet and the network interface specified by the interface information checked in S602 match. If it is determined that they match, the packet detection unit 304 determines in S606 that the source of the response packet is the correct interface, that is, the destination is the correct network, and ends the process. At this time, the response packet is transmitted from the interface to which it was delivered. In the present embodiment, the case where the source of the response packet is NIC208 is applicable. As a result, the response packet is sent to the network 102, and the information is not leaked to the network 103.

If the network interface that sends the response packet in S604 and the network interface specified in S602 do not match, the packet detection unit 304 determines in S605 that the source of the response packet is the wrong interface, and the response packet. Is destroyed. At this time, the packet detection unit 304 saves the information of the discarded packet as the discarded packet list. As a result, information is not leaked to the subnet 103 side.

● Discarded packet list FIG. 7 is an example of an information list of discarded packets in the description of FIG. When the packet detection unit 304 discards the response packet in S605, the user interface control unit 301 displays the information of the discarded packet on the operation unit 204 based on the discarded packet list saved in S605. The user interface control unit 301 acquires the history information (discarded packet list) of the discarded packets from the packet detection unit 304 when displaying the discarded packets. Acquisition is performed by either passing messages, commands, etc., or referencing information in shared resources or files.

In FIG. 7, MAC address 701 indicates the destination MAC address 402 of the discarded response packet. The IP address 702 indicates the destination IP address 405 of the discarded response packet. Port number 703 indicates the source port number of the discarded response packet. The port number 703 is generally stored in the data unit 407. The date and time 704 indicates the date and time when the packet detection unit 304 actually discarded the response packet. In this way, the dropped packet is presented to the user, and the user can know the information about the dropped packet. The source address is not recorded because the source is the image forming apparatus 101, and it is clear that the transmission was performed from the network interface on the side to which the default gateway is not connected.

With the above mechanism, it is possible to prevent the packet from being transmitted from an inappropriate network interface. As a result, even if there are omissions or mistakes in the static routing settings, it is possible to prevent the possibility of information leakage. In addition, it is possible to prevent a device to which a packet sent from an inappropriate network interface is destined from being disconnected from the network.

(Second Embodiment)
As the second embodiment, the parts different from the first embodiment will be described from here. FIG. 8 is an example of a procedure that is partially different from the flow described with reference to FIG. Since the processing contents for S601, S603, S605, and S606 are the same as those described with reference to FIG. 6, they will be omitted. This embodiment is common to the first embodiment except that the procedure of FIG. 5 is replaced by the procedure of FIG.

As a place different from the flow of FIG. 6, the process of S603 is performed without the process of S602. In the flow of FIG. 6, the processing of S602 is performed when the image forming apparatus 101 receives the request packet, but in the present embodiment, the processing at the time of receiving the request packet is not performed. Then, a response packet corresponding to the request packet is generated, and the process proceeds to S801.

In S801, the packet detection unit 304 checks whether the response packet sent by the network routing unit 303 to the NIC 206 is sent to the correct interface. For that purpose, the source IP address 406 of the response packet is referred to. The packet detection unit 304 checks whether or not the source IP address 406 matches the IP address assigned to the NIC 206. If the IP addresses match, the packet detection unit 304 determines in S606 that the destination of the response packet is the correct interface. As a result, the response packet is sent to the network 102, and the information is not leaked to the network 103.

As a result of the check in S801, if both IP addresses do not match, the packet detection unit 304 determines in S605 that the source of the response packet is the wrong interface, and discards the response packet. As a result, information is not leaked to the subnet 103 side.

Also in the present embodiment, the storage of the discarded packet list and the display of the information described in FIG. 7 are the same and will be omitted.

In the first embodiment and the second embodiment described above, the response packet is discarded at the timing before the image forming apparatus 101 transmits the response packet. Therefore, the packet can be discarded without complicated control such as editing the information in the response packet or dynamically changing the routing process. As a result, it is possible to prevent the possibility of information leakage with a relatively simple process.

(Third Embodiment)
In the first embodiment and the second embodiment, a method of discarding a packet to be transmitted from a network interface that is not suitable for a destination has been described. In the third embodiment, the network interface that received the request packet is specified, and the response packet is controlled to be transmitted from the network interface. By doing so, a mechanism for transmitting a packet from an appropriate network interface to the destination will be described. Here, a part different from the first embodiment and the second embodiment will be described. The difference is that FIG. 5 or FIG. 6 replaces the procedure of FIG. FIG. 9 is an example of a procedure that is partially different from the flow described with reference to FIG. The difference from the flow of FIGS. 6 and 8 is that the network interface that received the request packet is specified based on the request packet, and the response packet is transmitted from the same network interface as the network interface that received the request packet. .. Since the processing contents for S601, S602, and S603 are the same as those described with reference to FIG. 6, they will be omitted.

As a difference from the flow of FIG. 6, after the packet analysis / generation unit 302 generates a response packet in S603, at least one of the packet analysis / generation unit 302 or the packet detection unit 304 requests in S602 in S901. Send a response packet to the interface that received the packet. As a result, information is not leaked to the subnet 103 side, and unlike FIGS. 6 and 8, it is possible to transmit a response packet to the terminal 105.

By the above flow, it is possible to prevent the packet from being transmitted from the network interface which is not suitable for the destination, as in the first and second embodiments. This makes it possible to prevent the possibility of information leakage. Further, in the present embodiment, it is possible to transmit a packet to a destination from an appropriate network interface. Therefore, there is no packet that is discarded immediately before transmission, and communication can be performed efficiently. In particular, the terminal that is the source of the request packet can prevent the response packet from being discarded, where it has to wait until the response waiting time expires.

[Other Embodiments]
The present invention supplies a program that realizes one or more functions of the above-described embodiment to a system or device via a network or storage medium, and one or more processors in the computer of the system or device reads and executes the program. It can also be realized by the processing to be performed. It can also be realized by a circuit (for example, ASIC) that realizes one or more functions.

The present invention is not limited to the above embodiment, and various modifications and modifications can be made without departing from the spirit and scope of the invention. Therefore, a claim is attached to make the scope of the invention public.

101 image forming device, 102, 103 network, 104, 106 gateway, 105, 107 terminal

Claims (10)

With multiple network interfaces connected to different networks,
A receiving means for receiving a request from any of the plurality of networks via a network interface connected to each network.
A generation means for generating a response to the source of the received request, in which the source of the request is set as the destination and the destination of the request is set as the source.
If the network interface that received the request is different from the network interface determined to be used for communication with the destination included in the response, the response is discarded, and if they are the same, the response is included in the response. An information processing apparatus comprising: a control means for transmitting the response from the network interface determined to be used for communication with the destination. The information processing device according to claim 1.
When the receiving means receives the request, the receiving means stores the destination included in the request.
The control means compares the stored network interface corresponding to the destination with the network interface determined to be used for communication with the destination included in the response, and receives the request. Is an information processing device, which determines whether or not the interface is the same as the network interface determined to be used for communication with the destination included in the response. The information processing device according to claim 1.
The control means receives the request by comparing the network interface corresponding to the source included in the response with the network interface determined to be used for communication with the destination included in the response. An information processing device for determining whether or not the network interface is the same as the network interface determined to be used for communication with the destination included in the response. The information processing device according to any one of claims 1 to 3.
When the response is discarded by the control means, information including means for acquiring information including information about a destination included in the response from the discarded response and presenting the response to the user is further provided. Processing equipment. The information processing device according to claim 4.
The response is an Internet Protocol (IP) response packet.
The information processing apparatus includes, as information about the destination, a medium access control (MAC) address and an IP address of the destination. The information processing device according to claim 5.
The response is a Transmission Control Protocol (TCP) response packet.
The information processing device further includes a port number and a date and time of transmission. With multiple network interfaces connected to different networks,
A receiving means for receiving a request from any of the plurality of networks via a network interface connected to each network.
A generation means for generating a response to the source of the received request, in which the source of the request is set as the destination and the destination of the request is set as the source.
Information processing characterized by having a control means for transmitting the generated response from the network interface used for receiving the request specified based on the destination of the request among the plurality of network interfaces. apparatus. The information processing device according to any one of claims 1 to 7.
An information processing apparatus characterized in that the request and the response are IP packets, and the destination and the source are represented by the destination IP address and the source IP address contained in the IP packet, respectively. A program for operating a computer as the information processing device according to any one of claims 1 to 8. It is a communication control method by an information processing device having a plurality of network interfaces connected to a plurality of different networks.
Requests are received from any of the plurality of networks via the network interface connected to each network.
A response to the source of the received request, in which the source of the request is set as the destination and the destination of the request is set as the source.
If the network interface that received the request is different from the network interface determined to be used for communication with the destination included in the response, the response is discarded, and if they are the same, the response is included in the response. A communication control method comprising transmitting the response from the network interface determined to be used for communication with the destination.

Images